Technical Advisory: Stored and Reflected XSS Vulnerability in Nagios Log Server (CVE-2021-35478, CVE-2021-35479)

Vendor: Nagios
Vendor URL: https://www.nagios.com/
Versions affected: >= 2.1.8
Systems Affected: Nagios Log Server
Author: Liew Hock Lai <hocklai.liew@nccgroup.com>
Advisory URL: https://www.nagios.com/downloads/nagios-log-server/change-log/
CVE Identifier: CVE-2021-35478 (Reflected XSS), CVE-2021-35479 (Stored XSS)
Risk: 4.6 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N) (client-side script execution)

Summary

Nagios Log Server is a Centralized Log Management, Monitoring, and Analysis software that allows organizations to monitor, manage, …